Use of cellular mobile devices for accessing computer data networks has recently increased dramatically. These mobile devices, often referred to as “smart” phones, provide a platform for both cellular phone calls and cellular-based access to computer data services. For example, a typical cellular radio access network is a collection of cells that each includes base stations capable of transmitting and relaying radio signals to subscribers' mobile devices. A “cell” generally denotes a distinct area of a cellular network that utilizes a particular frequency or range of frequencies for transmission of data. A typical base station is a tower to which are affixed a number of antennas that transmit and receive the data over the particular frequency. Mobile devices may transmit radio signals at the designated frequency to the base stations to initiate cellular telephone calls or packet-based data services. With respect to data services, cellular service providers convert the cellular signals, e.g., Time Division Multiple Access (TDMA) signals, Orthogonal Frequency-Division Multiplexing (OFDM) signals or Code Division Multiple Access (CDMA) signals, received from mobile devices at the base stations into Internet protocol (IP) packets for transmission within packet-based networks.
The ubiquitous use of cellular mobile devices and the ever increasing desire by users for fast, secure network access from around the world has presented many challenges for enterprises. For example, users may employ their mobile devices to access an enterprise network through both a cellular service provider network and one or more wireless access points of the enterprise network itself. In accessing the enterprise network via both the cellular service provider network and the wireless access point, the user may have to separately authenticate themselves with respect to both forms of accessing the enterprise network. The users typically access the enterprise network via the cellular service provider network from home or on their way to work after authenticating themselves, but are reluctant to access the enterprise network via the wireless access points because they have to re-authenticate themselves prior to accessing the enterprise network via the wireless access points. Yet, the enterprise typically pays for the cellular data service on behalf of the users and, therefore, may prefer that the users access the enterprise network via the wireless access points of the enterprise network to reduce costs. Moreover, the enterprise may prefer that the users access the enterprise network via the wireless access points to alleviate information technology (IT) burdens associated with ensuring security policies of the enterprise network are met. Service providers may also want to securely transition users from the cellular network to wireless access points that are operated by the service provider or a partner of the service provider in order to reduce load placed on the cellular network by mobile devices.